Email rejected due to poor MTA

pixel_ninja

Expert Member
Joined
May 21, 2010
Messages
1,215
Reaction score
4
Location
Aokautere
EDIT: I know I made a typo on the thread name. -.-

Should read:Email rejected due to poor MTA

Hi Guys,

I was wondering if someone could provide a bit of input with regards to my little issue I'm experiencing:

I am hosting our company's Email on one of our servers, but recently I've been getting complaints from staff that every now and then they are unable to send emails to valid recipients. So I took a look at the logs and see that this is the error I am getting:

554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

After abit more digging I found that it could be that my IP is sending spam? Checked my IP being blacklisted Blacklist.JPG

I am running Symantec Endpoint and havent picked up any viruses? Have I been given an IP with a bad reputation, or am I infected with some sort of spambot?(surely SEP would pick up on that)
 
Last edited by a moderator:
Does your MTA enforce restrictions on sending emails - ie - only allows from your own network? Or does it allow relaying from outside?
 
Use mxtoolbox.com to check as well.

1. What Sinbad said.
2. You might have a compromised luser account, which the spammers are using to relay their filth. Force a password reset all across the domain. (This happened to me recently - and it was a compromised "test" account which I forgot to disable :o)
 
Does your MTA enforce restrictions on sending emails - ie - only allows from your own network? Or does it allow relaying from outside?

Exactly my thought, If you are using exchange only allow the IPs from your own local range and close the SMTP port on your firewall or at least enable SMTP authentication.
Are you by any chance making use of SMTP for mobile clients on laptops an phones ? If so Bad idea! :-) Rather make use of OWA

Block list providers dont like Open Relays at all!
 
Last edited:
You can't close it on your firewall if you receive smtp emails from the net!
 
what i meant to say is that you could block traffic going out on your firewall on SMTP destination port 25 and only allow your SMTP server.

Or if you are using Exchange you could only allow the IP of of your exchange out, on destination port 25 and on exhcange it self you could block all ip addresses , unless you have printers that can scan to fax, then only allow those printers
 
Last edited:
Could also be from the international anti-spam orgs blocking whole chunks of ZA ip spaces and your subnet may unfortunately fall within one of the blocked ranges.

But as mentioned above, if port 25 is open to your whole network and you have an infected machine directly spamming out your ip will eventually be blacklisted.
 
Thanks for your help, I'm running MDaemon, so it's not an exchange server. So OWA is not an option unless we upgrade to an exchange. Is there a pop3 equivalent? :/

Port 25 is blocked on my router (except from/to my mail server)

We do have a number of staff who are out in the field so they need to be able to receive mail externally so currently I'm using Dyndns to point to my router to fetch their mail.

Our bandwidth usage has been increasing, but it hasnt skyrocketed which is what would happen if it was infected?

I've enforced a password reset on all users, if one of the accounts has indeed been compromised, would this solve the issue? or is it possible that the could still be using me as a relay somehow?
 
Last edited:
... I'm using Dyndns to point to my router to fetch their mail.

Wait, do you have a fixed IP from your ISP? and are you sending mail directly off your server or routing through your ISP's relay?

Mail servers run on dymanic ip ranges MUST use the ISP's smtp server to route outgoing mail!



Certain malware can read outlook account info and call home with it, best to run full scans on all your machines with a reputable antivirus (MSE, Kaspersky, Bitdefender...)

The OWA equivalent for mdaemon is WorldClient, should be running by default on port 3000.

Mdaemon does offer a few features to mitigate any brute force attempts to compromise an account. have a look at "pop before smtp", "smtp authentication" & "dynamic screen".

Also check your settings under "relay control"
 
Dynamic IP's are NOT allowed to relay - as they're on a blacklist by default & any savvy sysadmin WILL be making use of those blacklists.

You should use a static IP to relay your emails - or, failing that, relay mail via your ISP's mail server.
 
Wait, do you have a fixed IP from your ISP? and are you sending mail directly off your server or routing through your ISP's relay? It's not fixed, routing to smtp.isdsl.net

Mail servers run on dymanic ip ranges MUST use the ISP's smtp server to route outgoing mail! Hmmm this must mean that the issue is with IS and not with me?

Certain malware can read outlook account info and call home with it, best to run full scans on all your machines with a reputable antivirus (MSE, Kaspersky, Bitdefender...) Hehe.. I notice that Syman EP was omitted from your list?

The OWA equivalent for mdaemon is WorldClient, should be running by default on port 3000. Yeah WC is running but the guys prefer to receive their mail in outlook rather than grab it over a web browser. Should I force them to?

Mdaemon does offer a few features to mitigate any brute force attempts to compromise an account. have a look at "pop before smtp", "smtp authentication" & "dynamic screen".

Also check your settings under "relay control"

Thanks again for your help Brandon.
 
Here is the error log, which I should have included in my OP...
It looks like Nedbank is rejecting IS's server? and not mine? because I use their mail server to forward mail?

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mail server after initial connection:
host mxgw05.nedbank.co.za [168.142.192.39]: 554-mxgw05.nedbank.co.za
554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 21207 characters long; only the first
------ 16384 or so are included here.

Return-path: <[email protected]>
Received: from 196-210-188-159.dynamic.isadsl.co.za ([196.210.188.159]:55125
helo=xxx.co.za)
by smtp06.isdsl.net with esmtp (Exim 4.77 #0)
(envelope-from <[email protected]>)
id 1TDt2E-000IHx-Fu
for <[email protected]>; Tue, 18 Sep 2012 10:19:59 +0200
Received: from CXXXL ([10.10.1.111])
by xxx.co.za (ohs-ca.co.za [10.10.1.2])
(MDaemon PRO v9.6.0)
with ESMTP id md50000919954.msg
for <[email protected]>; Tue, 18 Sep 2012 10:20:17 +0200
Reply-To: <[email protected]>
From: "CXXXn SXXXl" <[email protected]>
To: "'Myyyn, J. \(Jyyyi\)'" <[email protected]>
Subject:
Date: Tue, 18 Sep 2012 10:20:10 +0200
Organization: xxx
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_008B_01CD9587.2F09FE00"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
Thread-Index: Ac2Vdms8I68s7f3cRJ6vADMz8MHKcw==
X-Spam-Processed: ohs-ca.co.za, Tue, 18 Sep 2012 10:20:17 +0200
(not processed: message from valid local sender)
X-MDRemoteIP: 10.10.1.111
X-Return-Path: [email protected]
X-Envelope-From: [email protected]
X-MDaemon-Deliver-To: [email protected]
Message-Id: <[email protected]>
X-Scan-Signature: 74f1e311b8139ca0fddb993286b8f597{554}}

This is a multi-part message in MIME format.

------=_NextPart_000_008B_01CD9587.2F09FE00
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_008C_01CD9587.2F09FE00"


------=_NextPart_001_008C_01CD9587.2F09FE00
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
 
Ok so I've been blacklisted because I need to authenticate my emails between outlook and my mail server? or My mail server and IS's?
 
Here is the error log, which I should have included in my OP...
It looks like Nedbank is rejecting IS's server? and not mine? because I use their mail server to forward mail?

Yes, it appears it is from one or more of the ip's belonging to the isdsl smtp cluster being on a blacklist. I recommend you open a support ticket with IS and get them to sort it out. Short of changing ISP's or registering with a pay-for smtp service, there is not much more you can do from your side.

I stopped using Symantec a while ago, definition updates from them where too slow and there were increasing incidents of crapware slipping past it. Changed to Kaspersky & never looked back!
 
Ok so I've been blacklisted because I need to authenticate my emails between outlook and my mail server? or My mail server and IS's?

You need to "relay" your outgoing emails to your ISP's email server.

mdaemon setup.jpg

Replace the entry in the "Smart Host" field with your ISP's email server address (mail.is.co.za for example, although it may differ).

You'll also need to fill in the "authentication" fields - usually this is your ADSL account login credentials. If there's none, ask your ISP for assistance.

This is only a temporary measure, to get your emails going out until you're able to sort the issue with your static IP out.
 
Last edited:
Checking out the IP of 196.210.188.159 reveals the following ...

Hi Librarian, that is his actual dynamic IP & it will be blacklisted, but the bounce is coming from isdsl's relay MTA (line 2 of the DNR from the OP)
Code:
Received: from 196-210-188-159.dynamic.isadsl.co.za ([196.210.188.159]:55125
helo=xxx.co.za)
by smtp06.isdsl.net with esmtp (Exim 4.77 #0)
In this case it is smtp06.isdsl.net or 196.26.208.199 that needs investigating.
 
Top
Sign up to the MyBroadband newsletter
X